/*++
Global defines for TSS.
--*/
#ifndef __TSS_DEFINES_H__
#define __TSS_DEFINES_H__
#include <tss/platform.h>
#include <tss/tpm.h>
//////////////////////////////////////////////////////////////////////////
// Object types:
//////////////////////////////////////////////////////////////////////////
//
// definition of the object types that can be created via CreateObject
//
#define TSS_OBJECT_TYPE_POLICY (0x01) // Policy object
#define TSS_OBJECT_TYPE_RSAKEY (0x02) // RSA-Key object
#define TSS_OBJECT_TYPE_ENCDATA (0x03) // Encrypted data object
#define TSS_OBJECT_TYPE_PCRS (0x04) // PCR composite object
#define TSS_OBJECT_TYPE_HASH (0x05) // Hash object
#define TSS_OBJECT_TYPE_DELFAMILY (0x06) // Delegation Family object
#define TSS_OBJECT_TYPE_NV (0x07) // NV object
#define TSS_OBJECT_TYPE_MIGDATA (0x08) // CMK Migration data object
#define TSS_OBJECT_TYPE_DAA_CERTIFICATE (0x09) // DAA credential
#define TSS_OBJECT_TYPE_DAA_ISSUER_KEY (0x0a) // DAA cred. issuer keypair
#define TSS_OBJECT_TYPE_DAA_ARA_KEY (0x0b) // DAA anonymity revocation
// authority keypair
//////////////////////////////////////////////////////////////////////////
// CreateObject: Flags
//////////////////////////////////////////////////////////////////////////
//************************************
// Flags for creating RSAKEY object: *
//************************************
//
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// ---------------------------------------------------------------
// |x x|Auth
// |x| Volatility
// |x| Migration
// |x x x x| Type
// |x x x x| Size
// |x x| CMK
// |x x x| Version
// |0 0 0 0 0 0 0 0 0| Reserved
// |x x x x x x| Fixed Type
//
// Authorization:
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// ---------------------------------------------------------------
//
// Never |0 0|
// Always |0 1|
// Private key always |1 0|
//
// Authorization selector, bits 1:0 of the RSAKEY init flags. The three values
// are an enumeration, not independent bits. TSS_KEY_NO_AUTHORIZATION is the
// zero value, so an init-flags word with neither of the other two values
// OR'ed in carries it; callers that require authorization must name it
// explicitly.
#define TSS_KEY_NO_AUTHORIZATION (0x00000000) // no auth needed
// for this key
#define TSS_KEY_AUTHORIZATION (0x00000001) // key needs auth
// for all ops
#define TSS_KEY_AUTHORIZATION_PRIV_USE_ONLY (0x00000002) // key needs auth
// for privkey ops,
// noauth for pubkey
//
// Volatility
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// ---------------------------------------------------------------
//
// Non Volatile |0|
// Volatile |1|
//
#define TSS_KEY_NON_VOLATILE (0x00000000) // Key is non-volatile
#define TSS_KEY_VOLATILE (0x00000004) // Key is volatile
//
// Migration
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// ---------------------------------------------------------------
//
// Non Migratable |0|
// Migratable |1|
//
#define TSS_KEY_NOT_MIGRATABLE (0x00000000) // key is not migratable
#define TSS_KEY_MIGRATABLE (0x00000008) // key is migratable
//
// Usage
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// ---------------------------------------------------------------
//
// Default (Legacy) |0 0 0 0|
// Signing |0 0 0 1|
// Storage |0 0 1 0|
// Identity |0 0 1 1|
// AuthChange |0 1 0 0|
// Bind |0 1 0 1|
// Legacy |0 1 1 0|
// Migrate |0 1 1 1|
//
// Key-usage selector, bits 7:4 of the RSAKEY init flags. The values are an
// enumeration, not independent bits: OR-ing two of them yields a different
// type (TSS_KEY_TYPE_SIGNING | TSS_KEY_TYPE_STORAGE equals
// TSS_KEY_TYPE_IDENTITY). Mask with TSS_KEY_TYPE_BITMASK and compare for
// equality.
#define TSS_KEY_TYPE_DEFAULT (0x00000000) // indicate a default key
// (Legacy-Key)
#define TSS_KEY_TYPE_SIGNING (0x00000010) // indicate a signing key
#define TSS_KEY_TYPE_STORAGE (0x00000020) // used as storage key
#define TSS_KEY_TYPE_IDENTITY (0x00000030) // indicate an identity key
#define TSS_KEY_TYPE_AUTHCHANGE (0x00000040) // indicate an ephemeral key
#define TSS_KEY_TYPE_BIND (0x00000050) // indicate a key for TPM_Bind
#define TSS_KEY_TYPE_LEGACY (0x00000060) // indicate a key that can
// perform signing and binding
#define TSS_KEY_TYPE_MIGRATE (0x00000070) // indicate a key that can
// act as a CMK MA
#define TSS_KEY_TYPE_BITMASK (0x000000F0) // mask to extract key type
//
// Key size
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// ---------------------------------------------------------------
//
// DEFAULT |0 0 0 0|
// 512 |0 0 0 1|
// 1024 |0 0 1 0|
// 2048 |0 0 1 1|
// 4096 |0 1 0 0|
// 8192 |0 1 0 1|
// 16384 |0 1 1 0|
//
// Key-size selector, bits 11:8 of the RSAKEY init flags. Each value is an
// enumerated code, not a bit count: mask with TSS_KEY_SIZE_BITMASK and compare
// for equality. TSS_KEY_SIZE_DEFAULT is the zero value and leaves the size to
// the TPM, so callers with a minimum-strength requirement should name a size
// explicitly. 512- and 1024-bit RSA are below current minimum-strength
// guidance.
#define TSS_KEY_SIZE_DEFAULT (UINT32)(0x00000000) // indicate tpm-specific size
#define TSS_KEY_SIZE_512 (UINT32)(0x00000100) // indicate a 512-bit key
#define TSS_KEY_SIZE_1024 (UINT32)(0x00000200) // indicate a 1024-bit key
#define TSS_KEY_SIZE_2048 (UINT32)(0x00000300) // indicate a 2048-bit key
#define TSS_KEY_SIZE_4096 (UINT32)(0x00000400) // indicate a 4096-bit key
#define TSS_KEY_SIZE_8192 (UINT32)(0x00000500) // indicate a 8192-bit key
#define TSS_KEY_SIZE_16384 (UINT32)(0x00000600) // indicate a 16384-bit key
#define TSS_KEY_SIZE_BITMASK (UINT32)(0x00000F00) // mask to extract key size
//
// Certified Migratability
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// ---------------------------------------------------------------
//
// DEFAULT |0 0|
// Not Certified Migratable |0 0|
// Certified Migratable |0 1|
//
#define TSS_KEY_NOT_CERTIFIED_MIGRATABLE (UINT32)(0x00000000)
#define TSS_KEY_CERTIFIED_MIGRATABLE (UINT32)(0x00001000)
//
// Specification version
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// ---------------------------------------------------------------
//
// Context default |0 0 0|
// TPM_KEY 1.1b key |0 0 1|
// TPM_KEY12 1.2 key |0 1 0|
//
#define TSS_KEY_STRUCT_DEFAULT (UINT32)(0x00000000)
#define TSS_KEY_STRUCT_KEY (UINT32)(0x00004000)
#define TSS_KEY_STRUCT_KEY12 (UINT32)(0x00008000)
#define TSS_KEY_STRUCT_BITMASK (UINT32)(0x0001C000)
//
// fixed KeyTypes (templates)
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// ---------------------------------------------------------------
//
// |0 0 0 0 0 0| Empty Key
// |0 0 0 0 0 1| Storage Root Key
//
#define TSS_KEY_EMPTY_KEY (0x00000000) // no TPM key template
// (empty TSP key object)
#define TSS_KEY_TSP_SRK (0x04000000) // use a TPM SRK template
// (TSP key object for SRK)
#define TSS_KEY_TEMPLATE_BITMASK (0xFC000000) // bitmask to extract key
// template
//*************************************
// Flags for creating ENCDATA object: *
//*************************************
//
// Type
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// ---------------------------------------------------------------
//
// Seal |0 0 1|
// Bind |0 1 0|
// Legacy |0 1 1|
//
// ENCDATA Reserved:
// |x x x x x x x x x x x x x x x x x x x x x x x x x x x x x|
//
#define TSS_ENCDATA_SEAL (0x00000001) // data for seal operation
#define TSS_ENCDATA_BIND (0x00000002) // data for bind operation
#define TSS_ENCDATA_LEGACY (0x00000003) // data for legacy bind operation
//**********************************
// Flags for creating HASH object: *
//**********************************
//
// Algorithm
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// ---------------------------------------------------------------
//
// DEFAULT
// |0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0|
// SHA1
// |0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1|
// OTHER
// |1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1|
//
#define TSS_HASH_DEFAULT (0x00000000) // Default hash algorithm
#define TSS_HASH_SHA1 (0x00000001) // SHA-1 with 20 bytes
#define TSS_HASH_OTHER (0xFFFFFFFF) // Not-specified hash algorithm
//************************************
// Flags for creating POLICY object: *
//************************************
//
// Type
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// ---------------------------------------------------------------
//
// Usage |0 0 1|
// Migration |0 1 0|
// Operator |0 1 1|
//
// POLICY Reserved:
// |x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x|
// Policy type selector for CreateObject; enumerated values, compare for
// equality (TSS_POLICY_OPERATOR equals TSS_POLICY_USAGE | TSS_POLICY_MIGRATION).
#define TSS_POLICY_USAGE (0x00000001) // usage policy object
#define TSS_POLICY_MIGRATION (0x00000002) // migration policy object
#define TSS_POLICY_OPERATOR (0x00000003) // operator policy object
//******************************************
// Flags for creating PCRComposite object: *
//******************************************
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// ---------------------------------------------------------------
// |x x| Struct
// |x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x| Reserved
//
// PCRComposite Version:
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// ---------------------------------------------------------------
// TPM_PCR_DEFAULT |0 0 0|
// TPM_PCR_INFO |0 0 1|
// TPM_PCR_INFO_LONG |0 1 0|
// TPM_PCR_INFO_SHORT |0 1 1|
//
#define TSS_PCRS_STRUCT_DEFAULT (0x00000000) // depends on context
#define TSS_PCRS_STRUCT_INFO (0x00000001) // TPM_PCR_INFO
#define TSS_PCRS_STRUCT_INFO_LONG (0x00000002) // TPM_PCR_INFO_LONG
#define TSS_PCRS_STRUCT_INFO_SHORT (0x00000003) // TPM_PCR_INFO_SHORT
//////////////////////////////////////////////////////////////////////////
// Attribute Flags, Subflags, and Values
//////////////////////////////////////////////////////////////////////////
//******************
// Context object: *
//******************
//
// Attributes
//
#define TSS_TSPATTRIB_CONTEXT_SILENT_MODE (0x00000001)
// dialog display control
#define TSS_TSPATTRIB_CONTEXT_MACHINE_NAME (0x00000002)
// remote machine name
#define TSS_TSPATTRIB_CONTEXT_VERSION_MODE (0x00000003)
// context version
#define TSS_TSPATTRIB_CONTEXT_TRANSPORT (0x00000004)
// transport control
#define TSS_TSPATTRIB_CONTEXT_CONNECTION_VERSION (0x00000005)
// connection version
#define TSS_TSPATTRIB_SECRET_HASH_MODE (0x00000006)
// flag indicating whether
// NUL is included in the
// hash of the password
//
// SubFlags for Flag TSS_TSPATTRIB_CONTEXT_TRANSPORT
//
#define TSS_TSPATTRIB_CONTEXTTRANS_CONTROL (0x00000008)
#define TSS_TSPATTRIB_CONTEXTTRANS_MODE (0x00000010)
//
// Values for the TSS_TSPATTRIB_CONTEXT_SILENT_MODE attribute
//
#define TSS_TSPATTRIB_CONTEXT_NOT_SILENT (0x00000000) // TSP dialogs enabled
#define TSS_TSPATTRIB_CONTEXT_SILENT (0x00000001) // TSP dialogs disabled
//
// Values for the TSS_TSPATTRIB_CONTEXT_VERSION_MODE attribute
//
#define TSS_TSPATTRIB_CONTEXT_VERSION_AUTO (0x00000001)
#define TSS_TSPATTRIB_CONTEXT_VERSION_V1_1 (0x00000002)
#define TSS_TSPATTRIB_CONTEXT_VERSION_V1_2 (0x00000003)
//
// Values for the subflag TSS_TSPATTRIB_CONTEXTTRANS_CONTROL
//
// NOTE(review): the values are hexadecimal 0x16 and 0x32, not the single bits
// 0x10 and 0x20, and they share bits (0x16 & 0x32 == 0x12). A bit-test such as
// (value & TSS_TSPATTRIB_ENABLE_TRANSPORT) is therefore non-zero for the
// DISABLE value as well; compare for equality.
#define TSS_TSPATTRIB_DISABLE_TRANSPORT (0x00000016)
#define TSS_TSPATTRIB_ENABLE_TRANSPORT (0x00000032)
//
// Values for the subflag TSS_TSPATTRIB_CONTEXTTRANS_MODE
//
// The non-zero values are distinct single bits. NO_DEFAULT_ENCRYPTION is the
// zero value, i.e. the absence of TSS_TSPATTRIB_TRANSPORT_DEFAULT_ENCRYPTION,
// so a mode word that names no encryption value carries it.
#define TSS_TSPATTRIB_TRANSPORT_NO_DEFAULT_ENCRYPTION (0x00000000)
#define TSS_TSPATTRIB_TRANSPORT_DEFAULT_ENCRYPTION (0x00000001)
#define TSS_TSPATTRIB_TRANSPORT_AUTHENTIC_CHANNEL (0x00000002)
#define TSS_TSPATTRIB_TRANSPORT_EXCLUSIVE (0x00000004)
#define TSS_TSPATTRIB_TRANSPORT_STATIC_AUTH (0x00000008)
//
// Values for the TSS_TSPATTRIB_CONTEXT_CONNECTION_VERSION attribute
//
#define TSS_CONNECTION_VERSION_1_1 (0x00000001)
#define TSS_CONNECTION_VERSION_1_2 (0x00000002)
//
// Subflags of TSS_TSPATTRIB_SECRET_HASH_MODE
//
#define TSS_TSPATTRIB_SECRET_HASH_MODE_POPUP (0x00000001)
//
// Values for TSS_TSPATTRIB_SECRET_HASH_MODE_POPUP subflag
//
#define TSS_TSPATTRIB_HASH_MODE_NOT_NULL (0x00000000)
#define TSS_TSPATTRIB_HASH_MODE_NULL (0x00000001)
// *************
// TPM object: *
// *************
//
// Attributes:
//
#define TSS_TSPATTRIB_TPM_CALLBACK_COLLATEIDENTITY 0x00000001
#define TSS_TSPATTRIB_TPM_CALLBACK_ACTIVATEIDENTITY 0x00000002
#define TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS 0x00000003
#define TSS_TSPATTRIB_TPM_CREDENTIAL 0x00001000
//
// Subflags for TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS
//
#define TPM_CAP_PROP_TPM_CLEAR_ORDINAL_AUDIT 0x00000000
#define TPM_CAP_PROP_TPM_SET_ORDINAL_AUDIT 0x00000001
//
// Subflags for TSS_TSPATTRIB_TPM_CREDENTIAL
//
#define TSS_TPMATTRIB_EKCERT 0x00000001
#define TSS_TPMATTRIB_TPM_CC 0x00000002
#define TSS_TPMATTRIB_PLATFORMCERT 0x00000003
#define TSS_TPMATTRIB_PLATFORM_CC 0x00000004
//*****************
// Policy object: *
//*****************
//
// Attributes
//
#define TSS_TSPATTRIB_POLICY_CALLBACK_HMAC (0x00000080)
// enable/disable callback function
#define TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC (0x00000100)
// enable/disable callback function
#define TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP (0x00000180)
// enable/disable callback function
#define TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM (0x00000200)
// enable/disable callback function
#define TSS_TSPATTRIB_POLICY_SECRET_LIFETIME (0x00000280)
// set lifetime mode for policy secret
#define TSS_TSPATTRIB_POLICY_POPUPSTRING (0x00000300)
// set a NULL terminated UNICODE string
// which is displayed in the TSP policy
// popup dialog
#define TSS_TSPATTRIB_POLICY_CALLBACK_SEALX_MASK (0x00000380)
// enable/disable callback function
#if 0
/* This attribute flag is defined earlier with the context attributes.
* It is valid for both context and policy objects. It is copied
* here as a reminder to avoid collisions.
*/
#define TSS_TSPATTRIB_SECRET_HASH_MODE (0x00000006)
// flag indicating whether
// NUL is included in the
// hash of the password
#endif
#define TSS_TSPATTRIB_POLICY_DELEGATION_INFO (0x00000001)
#define TSS_TSPATTRIB_POLICY_DELEGATION_PCR (0x00000002)
//
// SubFlags for Flag TSS_TSPATTRIB_POLICY_SECRET_LIFETIME
//
#define TSS_SECRET_LIFETIME_ALWAYS (0x00000001) // secret will not be
// invalidated
#define TSS_SECRET_LIFETIME_COUNTER (0x00000002) // secret lifetime
// controlled by counter
#define TSS_SECRET_LIFETIME_TIMER (0x00000003) // secret lifetime
// controlled by time
#define TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS TSS_SECRET_LIFETIME_ALWAYS
#define TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER TSS_SECRET_LIFETIME_COUNTER
#define TSS_TSPATTRIB_POLSECRET_LIFETIME_TIMER TSS_SECRET_LIFETIME_TIMER
// Alternate names misspelled in the 1.1 TSS spec.
#define TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS TSS_SECRET_LIFETIME_ALWAYS
#define TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER TSS_SECRET_LIFETIME_COUNTER
#define TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER TSS_SECRET_LIFETIME_TIMER
//
// Subflags of TSS_TSPATTRIB_POLICY_DELEGATION_INFO
//
#define TSS_TSPATTRIB_POLDEL_TYPE (0x00000001)
#define TSS_TSPATTRIB_POLDEL_INDEX (0x00000002)
#define TSS_TSPATTRIB_POLDEL_PER1 (0x00000003)
#define TSS_TSPATTRIB_POLDEL_PER2 (0x00000004)
#define TSS_TSPATTRIB_POLDEL_LABEL (0x00000005)
#define TSS_TSPATTRIB_POLDEL_FAMILYID (0x00000006)
#define TSS_TSPATTRIB_POLDEL_VERCOUNT (0x00000007)
#define TSS_TSPATTRIB_POLDEL_OWNERBLOB (0x00000008)
#define TSS_TSPATTRIB_POLDEL_KEYBLOB (0x00000009)
//
// Subflags of TSS_TSPATTRIB_POLICY_DELEGATION_PCR
//
#define TSS_TSPATTRIB_POLDELPCR_LOCALITY (0x00000001)
#define TSS_TSPATTRIB_POLDELPCR_DIGESTATRELEASE (0x00000002)
#define TSS_TSPATTRIB_POLDELPCR_SELECTION (0x00000003)
//
// Values for the Policy TSS_TSPATTRIB_POLDEL_TYPE attribute
//
#define TSS_DELEGATIONTYPE_NONE (0x00000001)
#define TSS_DELEGATIONTYPE_OWNER (0x00000002)
#define TSS_DELEGATIONTYPE_KEY (0x00000003)
//
// Flags used for the 'mode' parameter in Tspi_Policy_SetSecret()
//
// The modes are enumerated values, not independent bits
// (TSS_SECRET_MODE_PLAIN equals TSS_SECRET_MODE_NONE | TSS_SECRET_MODE_SHA1);
// compare for equality. The mode decides whether the TSP hashes the caller's
// secret, so SHA1 and PLAIN are not interchangeable for the same input.
#define TSS_SECRET_MODE_NONE (0x00000800) // No authorization will be
// processed
#define TSS_SECRET_MODE_SHA1 (0x00001000) // Secret is used as supplied;
// the TSP does not hash it
#define TSS_SECRET_MODE_PLAIN (0x00001800) // The TSP hashes the secret
// string with SHA-1
#define TSS_SECRET_MODE_POPUP (0x00002000) // TSS SP will ask for a secret
#define TSS_SECRET_MODE_CALLBACK (0x00002800) // Application has to provide a
// callback function
//******************
// EncData object: *
//******************
//
// Attributes
//
#define TSS_TSPATTRIB_ENCDATA_BLOB (0x00000008)
#define TSS_TSPATTRIB_ENCDATA_PCR (0x00000010)
#define TSS_TSPATTRIB_ENCDATA_PCR_LONG (0x00000018)
#define TSS_TSPATTRIB_ENCDATA_SEAL (0x00000020)
//
// SubFlags for Flag TSS_TSPATTRIB_ENCDATA_BLOB
//
#define TSS_TSPATTRIB_ENCDATABLOB_BLOB (0x00000001) // encrypted data blob
//
// SubFlags for Flag TSS_TSPATTRIB_ENCDATA_PCR
//
#define TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATCREATION (0x00000002)
#define TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATRELEASE (0x00000003)
#define TSS_TSPATTRIB_ENCDATAPCR_SELECTION (0x00000004)
// support typo from 1.1 headers
#define TSS_TSPATTRIB_ENCDATAPCR_DIGEST_RELEASE \
TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATRELEASE
#define TSS_TSPATTRIB_ENCDATAPCRLONG_LOCALITY_ATCREATION (0x00000005)
#define TSS_TSPATTRIB_ENCDATAPCRLONG_LOCALITY_ATRELEASE (0x00000006)
#define TSS_TSPATTRIB_ENCDATAPCRLONG_CREATION_SELECTION (0x00000007)
#define TSS_TSPATTRIB_ENCDATAPCRLONG_RELEASE_SELECTION (0x00000008)
#define TSS_TSPATTRIB_ENCDATAPCRLONG_DIGEST_ATCREATION (0x00000009)
#define TSS_TSPATTRIB_ENCDATAPCRLONG_DIGEST_ATRELEASE (0x0000000A)
//
// Attribute subflags TSS_TSPATTRIB_ENCDATA_SEAL
//
#define TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE (0x00000001)
//
// Attribute values for
// TSS_TSPATTRIB_ENCDATA_SEAL/TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE
//
#define TSS_TSPATTRIB_ENCDATASEAL_NOPROTECT (0x00000000)
#define TSS_TSPATTRIB_ENCDATASEAL_PROTECT (0x00000001)
// Accounting for typos in original header files
#define TSS_TSPATTRIB_ENCDATASEAL_NO_PROTECT \
TSS_TSPATTRIB_ENCDATASEAL_NOPROTECT
//*************
// NV object: *
//*************
//
// Attributes
//
#define TSS_TSPATTRIB_NV_INDEX (0x00000001)
#define TSS_TSPATTRIB_NV_PERMISSIONS (0x00000002)
#define TSS_TSPATTRIB_NV_STATE (0x00000003)
#define TSS_TSPATTRIB_NV_DATASIZE (0x00000004)
#define TSS_TSPATTRIB_NV_PCR (0x00000005)
#define TSS_TSPATTRIB_NVSTATE_READSTCLEAR (0x00100000)
#define TSS_TSPATTRIB_NVSTATE_WRITESTCLEAR (0x00200000)
#define TSS_TSPATTRIB_NVSTATE_WRITEDEFINE (0x00300000)
#define TSS_TSPATTRIB_NVPCR_READPCRSELECTION (0x01000000)
#define TSS_TSPATTRIB_NVPCR_READDIGESTATRELEASE (0x02000000)
#define TSS_TSPATTRIB_NVPCR_READLOCALITYATRELEASE (0x03000000)
#define TSS_TSPATTRIB_NVPCR_WRITEPCRSELECTION (0x04000000)
#define TSS_TSPATTRIB_NVPCR_WRITEDIGESTATRELEASE (0x05000000)
#define TSS_TSPATTRIB_NVPCR_WRITELOCALITYATRELEASE (0x06000000)
/* NV index flags
*
* From the TPM spec, Part 2, Section 19.1.
*
* 3 2 1
* 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* |T|P|U|D| resvd | Purview | Index |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
// Each T/P/U/D flag and its TSS_NV_MASK_ counterpart have the same value.
// Per the layout above the index field is the low 16 bits and the purview
// field is the next 8 bits.
#define TSS_NV_TPM (0x80000000) // TPM mfr reserved bit
#define TSS_NV_PLATFORM (0x40000000) // Platform mfr reserved bit
#define TSS_NV_USER (0x20000000) // User reserved bit
#define TSS_NV_DEFINED (0x10000000) // "Defined permanently" flag
#define TSS_NV_MASK_TPM (0x80000000) // mask to extract 'T'
#define TSS_NV_MASK_PLATFORM (0x40000000) // mask to extract 'P'
#define TSS_NV_MASK_USER (0x20000000) // mask to extract 'U'
#define TSS_NV_MASK_DEFINED (0x10000000) // mask to extract 'D'
#define TSS_NV_MASK_RESERVED (0x0f000000) // mask to extract reserved bits
#define TSS_NV_MASK_PURVIEW (0x00ff0000) // mask to extract purview byte
#define TSS_NV_MASK_INDEX (0x0000ffff) // mask to extract the 16-bit index
// This is the index of the NV storage area where the number of sessions
// per locality is stored.
#define TSS_NV_INDEX_SESSIONS (0x00011101)
//******************
// MigData object: *
//******************
//
// Attributes
//
#define TSS_MIGATTRIB_MIGRATIONBLOB (0x00000010)
#define TSS_MIGATTRIB_MIGRATIONTICKET (0x00000020)
#define TSS_MIGATTRIB_AUTHORITY_DATA (0x00000030)
#define TSS_MIGATTRIB_MIG_AUTH_DATA (0x00000040)
#define TSS_MIGATTRIB_TICKET_DATA (0x00000050)
#define TSS_MIGATTRIB_PAYLOAD_TYPE (0x00000060)
//
// Attribute subflags TSS_MIGATTRIB_MIGRATIONBLOB
//
#define TSS_MIGATTRIB_MIGRATION_XOR_BLOB (0x00000101)
#define TSS_MIGATTRIB_MIGRATION_REWRAPPED_BLOB (0x00000102)
#define TSS_MIGATTRIB_MIG_MSALIST_PUBKEY_BLOB (0x00000103)
#define TSS_MIGATTRIB_MIG_AUTHORITY_PUBKEY_BLOB (0x00000104)
#define TSS_MIGATTRIB_MIG_DESTINATION_PUBKEY_BLOB (0x00000105)
#define TSS_MIGATTRIB_MIG_SOURCE_PUBKEY_BLOB (0x00000106)
#define TSS_MIGATTRIB_MIG_REWRAPPED_BLOB TSS_MIGATTRIB_MIGRATION_REWRAPPED_BLOB
#define TSS_MIGATTRIB_MIG_XOR_BLOB TSS_MIGATTRIB_MIGRATION_XOR_BLOB
//
// Attribute subflags TSS_MIGATTRIB_MIGRATIONTICKET
//
// none
//
// Attribute subflags TSS_MIGATTRIB_AUTHORITY_DATA
//
#define TSS_MIGATTRIB_AUTHORITY_DIGEST (0x00000301)
#define TSS_MIGATTRIB_AUTHORITY_APPROVAL_HMAC (0x00000302)
#define TSS_MIGATTRIB_AUTHORITY_MSALIST (0x00000303)
//
// Attribute subflags TSS_MIGATTRIB_MIG_AUTH_DATA
//
#define TSS_MIGATTRIB_MIG_AUTH_AUTHORITY_DIGEST (0x00000401)
#define TSS_MIGATTRIB_MIG_AUTH_DESTINATION_DIGEST (0x00000402)
#define TSS_MIGATTRIB_MIG_AUTH_SOURCE_DIGEST (0x00000403)
//
// Attribute subflags TSS_MIGATTRIB_TICKET_DATA
//
#define TSS_MIGATTRIB_TICKET_SIG_DIGEST (0x00000501)
#define TSS_MIGATTRIB_TICKET_SIG_VALUE (0x00000502)
#define TSS_MIGATTRIB_TICKET_SIG_TICKET (0x00000503)
#define TSS_MIGATTRIB_TICKET_RESTRICT_TICKET (0x00000504)
//
// Attribute subflags TSS_MIGATTRIB_PAYLOAD_TYPE
//
#define TSS_MIGATTRIB_PT_MIGRATE_RESTRICTED (0x00000601)
#define TSS_MIGATTRIB_PT_MIGRATE_EXTERNAL (0x00000602)
//***************
// Hash object: *
//***************
//
// Attributes
//
#define TSS_TSPATTRIB_HASH_IDENTIFIER (0x00001000) // Hash algorithm identifier
#define TSS_TSPATTRIB_ALG_IDENTIFIER (0x00002000) // ASN.1 alg identifier
//***************
// PCRs object: *
//***************
//
// Attributes
//
#define TSS_TSPATTRIB_PCRS_INFO (0x00000001) // info
//
// Subflags for TSS_TSPATTRIB_PCRS_INFO flag
//
#define TSS_TSPATTRIB_PCRSINFO_PCRSTRUCT (0x00000001) // type of pcr struct,
// one of the TSS_PCRS_STRUCT_* values
//****************************
// Delegation Family object: *
//****************************
//
// Attributes
//
#define TSS_TSPATTRIB_DELFAMILY_STATE (0x00000001)
#define TSS_TSPATTRIB_DELFAMILY_INFO (0x00000002)
// DELFAMILY_STATE sub-attributes
#define TSS_TSPATTRIB_DELFAMILYSTATE_LOCKED (0x00000001)
#define TSS_TSPATTRIB_DELFAMILYSTATE_ENABLED (0x00000002)
// DELFAMILY_INFO sub-attributes
#define TSS_TSPATTRIB_DELFAMILYINFO_LABEL (0x00000003)
#define TSS_TSPATTRIB_DELFAMILYINFO_VERCOUNT (0x00000004)
#define TSS_TSPATTRIB_DELFAMILYINFO_FAMILYID (0x00000005)
// Bitmasks for the 'ulFlags' argument to Tspi_TPM_Delegate_CreateDelegation.
// Only one bit used for now.
#define TSS_DELEGATE_INCREMENTVERIFICATIONCOUNT ((UINT32)1)
// Bitmasks for the 'ulFlags' argument to
// Tspi_TPM_Delegate_CacheOwnerDelegation. Only 1 bit is used for now.
#define TSS_DELEGATE_CACHEOWNERDELEGATION_OVERWRITEEXISTING ((UINT32)1)
//*************************
// DAA Credential Object: *
//*************************
//
// Attribute flags
//
#define TSS_TSPATTRIB_DAACRED_COMMIT (0x00000001)
#define TSS_TSPATTRIB_DAACRED_ATTRIB_GAMMAS (0x00000002)
#define TSS_TSPATTRIB_DAACRED_CREDENTIAL_BLOB (0x00000003)
#define TSS_TSPATTRIB_DAACRED_CALLBACK_SIGN (0x00000004)
#define TSS_TSPATTRIB_DAACRED_CALLBACK_VERIFYSIGNATURE (0x00000005)
//
// Subflags for TSS_TSPATTRIB_DAACRED_COMMIT
//
#define TSS_TSPATTRIB_DAACOMMIT_NUMBER (0x00000001)
#define TSS_TSPATTRIB_DAACOMMIT_SELECTION (0x00000002)
#define TSS_TSPATTRIB_DAACOMMIT_COMMITMENTS (0x00000003)
//
// Subflags for TSS_TSPATTRIB_DAACRED_ATTRIB_GAMMAS
//
#define TSS_TSPATTRIB_DAAATTRIBGAMMAS_BLOB (0xffffffff)
//*************************
// DAA Issuer Key Object: *
//*************************
//
// Attribute flags
//
#define TSS_TSPATTRIB_DAAISSUERKEY_BLOB (0x00000001)
#define TSS_TSPATTRIB_DAAISSUERKEY_PUBKEY (0x00000002)
//
// Subflags for TSS_TSPATTRIB_DAAISSUERKEY_BLOB
//
#define TSS_TSPATTRIB_DAAISSUERKEYBLOB_PUBLIC_KEY (0x00000001)
#define TSS_TSPATTRIB_DAAISSUERKEYBLOB_SECRET_KEY (0x00000002)
#define TSS_TSPATTRIB_DAAISSUERKEYBLOB_KEYBLOB (0x00000003)
#define TSS_TSPATTRIB_DAAISSUERKEYBLOB_PROOF (0x00000004)
//
// Subflags for TSS_TSPATTRIB_DAAISSUERKEY_PUBKEY
//
#define TSS_TSPATTRIB_DAAISSUERKEYPUBKEY_NUM_ATTRIBS (0x00000001)
#define TSS_TSPATTRIB_DAAISSUERKEYPUBKEY_NUM_PLATFORM_ATTRIBS (0x00000002)
#define TSS_TSPATTRIB_DAAISSUERKEYPUBKEY_NUM_ISSUER_ATTRIBS (0x00000003)
//***************************************
// DAA Anonymity Revocation Key Object: *
//***************************************
//
// Attribute flags
//
#define TSS_TSPATTRIB_DAAARAKEY_BLOB (0x00000001)
//
// Subflags for TSS_TSPATTRIB_DAAARAKEY_BLOB
//
#define TSS_TSPATTRIB_DAAARAKEYBLOB_PUBLIC_KEY (0x00000001)
#define TSS_TSPATTRIB_DAAARAKEYBLOB_SECRET_KEY (0x00000002)
#define TSS_TSPATTRIB_DAAARAKEYBLOB_KEYBLOB (0x00000003)
//
// Structure payload flags for TSS_DAA_PSEUDONYM,
// (TSS_DAA_PSEUDONYM.payloadFlag)
//
#define TSS_FLAG_DAA_PSEUDONYM_PLAIN (0x00000000)
#define TSS_FLAG_DAA_PSEUDONYM_ENCRYPTED (0x00000001)
//**************
// Key Object: *
//**************
//
// Attribute flags
//
#define TSS_TSPATTRIB_KEY_BLOB (0x00000040) // key info as blob data
#define TSS_TSPATTRIB_KEY_INFO (0x00000080) // keyparam info as blob data
#define TSS_TSPATTRIB_KEY_UUID (0x000000C0) // key UUID info as blob data
#define TSS_TSPATTRIB_KEY_PCR (0x00000100) // composite digest value for
// the key
#define TSS_TSPATTRIB_RSAKEY_INFO (0x00000140) // public key info
#define TSS_TSPATTRIB_KEY_REGISTER (0x00000180) // register location
#define TSS_TSPATTRIB_KEY_PCR_LONG (0x000001c0) // PCR_INFO_LONG for the key
#define TSS_TSPATTRIB_KEY_CONTROLBIT (0x00000200) // key control flags
#define TSS_TSPATTRIB_KEY_CMKINFO (0x00000400) // CMK info
//
// SubFlags for Flag TSS_TSPATTRIB_KEY_BLOB
//
#define TSS_TSPATTRIB_KEYBLOB_BLOB (0x00000008) // key info using the
// key blob
#define TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY (0x00000010) // public key info
// using the blob
#define TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY (0x00000028) // encrypted private key
// blob
//
// SubFlags for Flag TSS_TSPATTRIB_KEY_INFO
//
// Selectors for the individual key parameters reachable through
// TSS_TSPATTRIB_KEY_INFO. Values step by 0x80 and are enumerated codes, not
// bit flags.
//
// NOTE(review): MIGRATABLE, CMK, VOLATILE and AUTHDATAUSAGE describe whether
// the key can leave the TPM and whether using it needs authorisation. Code
// that makes a trust decision about a key should read these attributes rather
// than assume them.
#define TSS_TSPATTRIB_KEYINFO_SIZE (0x00000080) // key size in bits
#define TSS_TSPATTRIB_KEYINFO_USAGE (0x00000100) // key usage info
#define TSS_TSPATTRIB_KEYINFO_KEYFLAGS (0x00000180) // key flags
#define TSS_TSPATTRIB_KEYINFO_AUTHUSAGE (0x00000200) // key auth usage info
#define TSS_TSPATTRIB_KEYINFO_ALGORITHM (0x00000280) // key algorithm ID
#define TSS_TSPATTRIB_KEYINFO_SIGSCHEME (0x00000300) // key sig scheme
#define TSS_TSPATTRIB_KEYINFO_ENCSCHEME (0x00000380) // key enc scheme
#define TSS_TSPATTRIB_KEYINFO_MIGRATABLE (0x00000400) // if true then key is
// migratable
#define TSS_TSPATTRIB_KEYINFO_REDIRECTED (0x00000480) // key is redirected
#define TSS_TSPATTRIB_KEYINFO_VOLATILE (0x00000500) // if true key is
// volatile
#define TSS_TSPATTRIB_KEYINFO_AUTHDATAUSAGE (0x00000580) // if true auth is
// required
#define TSS_TSPATTRIB_KEYINFO_VERSION (0x00000600) // version info as TSS
// version struct
#define TSS_TSPATTRIB_KEYINFO_CMK (0x00000680) // if true then key
// is certified
// migratable
#define TSS_TSPATTRIB_KEYINFO_KEYSTRUCT (0x00000700) // type of key struct
// used for this key
// (TPM_KEY or
// TPM_KEY12)
// NOTE(review): the KEYCONTROL prefix suggests the next value belongs to
// TSS_TSPATTRIB_KEY_CONTROLBIT rather than TSS_TSPATTRIB_KEY_INFO, although it
// continues the same numbering -- confirm against the TSS specification.
#define TSS_TSPATTRIB_KEYCONTROL_OWNEREVICT (0x00000780) // Get current status
// of owner evict flag
//
// SubFlags for Flag TSS_TSPATTRIB_RSAKEY_INFO
//
// Selectors for RSA public key parameters (parent flag
// TSS_TSPATTRIB_RSAKEY_INFO). Enumerated codes stepping by 0x1000.
#define TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT (0x00001000)
#define TSS_TSPATTRIB_KEYINFO_RSA_MODULUS (0x00002000)
#define TSS_TSPATTRIB_KEYINFO_RSA_KEYSIZE (0x00003000)
#define TSS_TSPATTRIB_KEYINFO_RSA_PRIMES (0x00004000)
//
// SubFlags for Flag TSS_TSPATTRIB_KEY_PCR
//
// NOTE(review): going by the names, these expose the PCR digests and PCR
// selection tied to the key at creation and at release; a verifier that relies
// on PCR binding would presumably compare them with expected values -- confirm.
#define TSS_TSPATTRIB_KEYPCR_DIGEST_ATCREATION (0x00008000)
#define TSS_TSPATTRIB_KEYPCR_DIGEST_ATRELEASE (0x00010000)
#define TSS_TSPATTRIB_KEYPCR_SELECTION (0x00018000)
//
// SubFlags for TSS_TSPATTRIB_KEY_REGISTER
//
#define TSS_TSPATTRIB_KEYREGISTER_USER (0x02000000)
#define TSS_TSPATTRIB_KEYREGISTER_SYSTEM (0x04000000)
#define TSS_TSPATTRIB_KEYREGISTER_NO (0x06000000)
//
// SubFlags for Flag TSS_TSPATTRIB_KEY_PCR_LONG
//
// The trailing comment on each line gives the type of the attribute value.
#define TSS_TSPATTRIB_KEYPCRLONG_LOCALITY_ATCREATION (0x00040000) /* UINT32 */
#define TSS_TSPATTRIB_KEYPCRLONG_LOCALITY_ATRELEASE (0x00080000) /* UINT32 */
#define TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION (0x000C0000) /* DATA */
#define TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION (0x00100000) /* DATA */
#define TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION (0x00140000) /* DATA */
#define TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE (0x00180000) /* DATA */
//
// SubFlags for Flag TSS_TSPATTRIB_KEY_CMKINFO
//
// These two values are numerically equal to other subflags in this header
// (0x00000010 is also TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY); they are only
// meaningful together with TSS_TSPATTRIB_KEY_CMKINFO.
#define TSS_TSPATTRIB_KEYINFO_CMK_MA_APPROVAL (0x00000010)
#define TSS_TSPATTRIB_KEYINFO_CMK_MA_DIGEST (0x00000020)
//
// Attribute Values
//
//
// key size definitions
//
// Key size values; each constant equals the key length in bits
// (0x0200 == 512, 0x0800 == 2048).
//
// NOTE(review): when these sizes are used for RSA keys, 512 and 1024 bits are
// below the 2048-bit minimum in current guidance (e.g. NIST SP 800-131A).
// New keys should use TSS_KEY_SIZEVAL_2048BIT or larger where the TPM
// supports it; the smaller values remain for existing keys.
#define TSS_KEY_SIZEVAL_512BIT (0x0200)
#define TSS_KEY_SIZEVAL_1024BIT (0x0400)
#define TSS_KEY_SIZEVAL_2048BIT (0x0800)
#define TSS_KEY_SIZEVAL_4096BIT (0x1000)
#define TSS_KEY_SIZEVAL_8192BIT (0x2000)
#define TSS_KEY_SIZEVAL_16384BIT (0x4000)
//
// key usage definitions
// Values intentionally moved away from corresponding TPM values to avoid
// possible misuse
//
// Key usage codes at the TSS level. They deliberately differ from the TPM's
// own constants (see the comment above), so a value from one layer must not
// be passed to the other without translation.
// NOTE(review): TSS_KEYUSAGE_LEGACY presumably allows one key to both sign
// and encrypt; separate single-purpose keys are preferable -- confirm.
#define TSS_KEYUSAGE_BIND (0x00)
#define TSS_KEYUSAGE_IDENTITY (0x01)
#define TSS_KEYUSAGE_LEGACY (0x02)
#define TSS_KEYUSAGE_SIGN (0x03)
#define TSS_KEYUSAGE_STORAGE (0x04)
#define TSS_KEYUSAGE_AUTHCHANGE (0x05)
#define TSS_KEYUSAGE_MIGRATE (0x06)
//
// key flag definitions
//
// Each flag is a distinct single bit, so these can be OR-ed together and
// tested with a mask.
// NOTE(review): a key with MIGRATABLE set can presumably be exported from the
// TPM that created it, so it does not prove binding to one device; check the
// flag before relying on hardware binding.
#define TSS_KEYFLAG_REDIRECTION (0x00000001)
#define TSS_KEYFLAG_MIGRATABLE (0x00000002)
#define TSS_KEYFLAG_VOLATILEKEY (0x00000004)
#define TSS_KEYFLAG_CERTIFIED_MIGRATABLE (0x00000008)
//
// algorithm ID definitions
//
// This table defines the algo id's
// Values intentionally moved away from corresponding TPM values to avoid
// possible misuse
//
// TSS-level algorithm identifiers (sequential codes starting at 0x20).
//
// NOTE(review): TSS_ALG_DES is single DES (56-bit key) and TSS_ALG_SHA is
// presumably SHA-1, given the SHA-1 names elsewhere in this header. Both are
// deprecated for new designs; prefer the AES identifiers where the TPM and
// the protocol allow, and treat DES/SHA-1 as legacy interoperability options.
#define TSS_ALG_RSA (0x20)
#define TSS_ALG_DES (0x21)
#define TSS_ALG_3DES (0x22)
#define TSS_ALG_SHA (0x23)
#define TSS_ALG_HMAC (0x24)
#define TSS_ALG_AES128 (0x25)
#define TSS_ALG_AES192 (0x26)
#define TSS_ALG_AES256 (0x27)
#define TSS_ALG_XOR (0x28)
#define TSS_ALG_MGF1 (0x29)
// TSS_ALG_AES is an alias for the 128-bit variant, not a generic "any AES".
#define TSS_ALG_AES TSS_ALG_AES128
// Special values for
// Tspi_Context_GetCapability(TSS_TSPCAP_ALG)
// Tspi_Context_GetCapability(TSS_TCSCAP_ALG)
#define TSS_ALG_DEFAULT (0xfe)
#define TSS_ALG_DEFAULT_SIZE (0xff)
//
// key signature scheme definitions
//
// Signature scheme codes. The signature and encryption scheme sets below
// reuse the same numbers (TSS_SS_NONE and TSS_ES_NONE are both 0x10), so a
// value only has meaning in the field it was read from.
// NOTE(review): TSS_SS_RSASSAPKCS1V15_SHA1 signs a SHA-1 digest; SHA-1 is no
// longer collision resistant, which matters when the signed content can be
// influenced by another party.
#define TSS_SS_NONE (0x10)
#define TSS_SS_RSASSAPKCS1V15_SHA1 (0x11)
#define TSS_SS_RSASSAPKCS1V15_DER (0x12)
#define TSS_SS_RSASSAPKCS1V15_INFO (0x13)
//
// key encryption scheme definitions
//
// NOTE(review): TSS_ES_RSAESPKCSV15 is PKCS#1 v1.5 encryption padding, which
// is exposed to padding-oracle attacks when decryption failures can be told
// apart by the sender; TSS_ES_RSAESOAEP_SHA1_MGF1 is the safer choice for new
// keys.
#define TSS_ES_NONE (0x10)
#define TSS_ES_RSAESPKCSV15 (0x11)
#define TSS_ES_RSAESOAEP_SHA1_MGF1 (0x12)
#define TSS_ES_SYM_CNT (0x13)
#define TSS_ES_SYM_OFB (0x14)
#define TSS_ES_SYM_CBC_PKCS5PAD (0x15)
//
// persistent storage registration definitions
//
// Selects which persistent storage database a key is registered in.
#define TSS_PS_TYPE_USER (1) // Key is registered persistently in the user
// storage database.
#define TSS_PS_TYPE_SYSTEM (2) // Key is registered persistently in the system
// storage database.
//
// migration scheme definitions
// Values intentionally moved away from corresponding TPM values to avoid
// possible misuse
//
// Because the values differ from the TPM's, they must not be handed to the
// TPM layer without translation.
#define TSS_MS_MIGRATE (0x20)
#define TSS_MS_REWRAP (0x21)
#define TSS_MS_MAINT (0x22)
#define TSS_MS_RESTRICT_MIGRATE (0x23)
#define TSS_MS_RESTRICT_APPROVE_DOUBLE (0x24)
#define TSS_MS_RESTRICT_MIGRATE_EXTERNAL (0x25)
//
// TPM key authorization
// Values intentionally moved away from corresponding TPM values to avoid
// possible misuse
//
// Authorisation requirement codes for a key (TSS-level values, see above).
// NOTE(review): with TSS_KEYAUTH_AUTH_NEVER the key is presumably usable by
// any caller that can load it, without presenting a secret; access then rests
// on who can reach the TPM and the parent key. Use it only deliberately.
#define TSS_KEYAUTH_AUTH_NEVER (0x10)
#define TSS_KEYAUTH_AUTH_ALWAYS (0x11)
#define TSS_KEYAUTH_AUTH_PRIV_USE_ONLY (0x12)
//
// Flags for TPM status information (GetStatus and SetStatus)
//
// Identifiers for individual TPM status flags. Despite the word "flag" these
// are sequential codes, not bits (0x00000003 is a separate flag, not 1 | 2),
// so they must be compared for equality. The trailing comment says whether
// the TPM flag itself is persistent or volatile.
// 0x00000015 is not assigned in this list.
#define TSS_TPMSTATUS_DISABLEOWNERCLEAR (0x00000001) // persistent flag
#define TSS_TPMSTATUS_DISABLEFORCECLEAR (0x00000002) // volatile flag
#define TSS_TPMSTATUS_DISABLED (0x00000003) // persistent flag
#define TSS_TPMSTATUS_DEACTIVATED (0x00000004) // volatile flag
#define TSS_TPMSTATUS_OWNERSETDISABLE (0x00000005) // persistent flag
// for SetStatus
// (disable flag)
#define TSS_TPMSTATUS_SETOWNERINSTALL (0x00000006) // persistent flag
// (ownership flag)
#define TSS_TPMSTATUS_DISABLEPUBEKREAD (0x00000007) // persistent flag
#define TSS_TPMSTATUS_ALLOWMAINTENANCE (0x00000008) // persistent flag
#define TSS_TPMSTATUS_PHYSPRES_LIFETIMELOCK (0x00000009) // persistent flag
#define TSS_TPMSTATUS_PHYSPRES_HWENABLE (0x0000000A) // persistent flag
#define TSS_TPMSTATUS_PHYSPRES_CMDENABLE (0x0000000B) // persistent flag
#define TSS_TPMSTATUS_PHYSPRES_LOCK (0x0000000C) // volatile flag
#define TSS_TPMSTATUS_PHYSPRESENCE (0x0000000D) // volatile flag
#define TSS_TPMSTATUS_PHYSICALDISABLE (0x0000000E) // persistent flag
// (SetStatus
// disable flag)
#define TSS_TPMSTATUS_CEKP_USED (0x0000000F) // persistent flag
#define TSS_TPMSTATUS_PHYSICALSETDEACTIVATED (0x00000010) // persistent flag
// (deactivated flag)
#define TSS_TPMSTATUS_SETTEMPDEACTIVATED (0x00000011) // volatile flag
// (deactivated flag)
#define TSS_TPMSTATUS_POSTINITIALISE (0x00000012) // volatile flag
#define TSS_TPMSTATUS_TPMPOST (0x00000013) // persistent flag
#define TSS_TPMSTATUS_TPMPOSTLOCK (0x00000014) // persistent flag
#define TSS_TPMSTATUS_DISABLEPUBSRKREAD (0x00000016) // persistent flag
#define TSS_TPMSTATUS_MAINTENANCEUSED (0x00000017) // persistent flag
#define TSS_TPMSTATUS_OPERATORINSTALLED (0x00000018) // persistent flag
// Alternative spelling of the name above; same value.
#define TSS_TPMSTATUS_OPERATOR_INSTALLED (TSS_TPMSTATUS_OPERATORINSTALLED)
#define TSS_TPMSTATUS_FIPS (0x00000019) // persistent flag
#define TSS_TPMSTATUS_ENABLEREVOKEEK (0x0000001A) // persistent flag
// Alternative spelling of the name above; same value.
#define TSS_TPMSTATUS_ENABLE_REVOKEEK (TSS_TPMSTATUS_ENABLEREVOKEEK)
#define TSS_TPMSTATUS_NV_LOCK (0x0000001B) // persistent flag
#define TSS_TPMSTATUS_TPM_ESTABLISHED (0x0000001C) // persistent flag
// NOTE(review): the next two identifiers share the value 0x0000001D, so code
// that dispatches on the numeric value cannot tell them apart (and a switch
// with both as case labels will not compile). A status query for one may be
// answered as the other; check the TSS specification and errata before
// relying on either. The values are part of the published interface and are
// left unchanged here.
#define TSS_TPMSTATUS_RESETLOCK (0x0000001D) // volatile flag
#define TSS_TPMSTATUS_DISABLE_FULL_DA_LOGIC_INFO (0x0000001D) //persistent flag
//
// Capability flag definitions
//
// TPM capabilities
//
// Capability area selectors for querying the TPM (sequential codes from 0x10).
#define TSS_TPMCAP_ORD (0x10)
#define TSS_TPMCAP_ALG (0x11)
#define TSS_TPMCAP_FLAG (0x12)
#define TSS_TPMCAP_PROPERTY (0x13)
#define TSS_TPMCAP_VERSION (0x14)
#define TSS_TPMCAP_VERSION_VAL (0x15)
#define TSS_TPMCAP_NV_LIST (0x16)
#define TSS_TPMCAP_NV_INDEX (0x17)
#define TSS_TPMCAP_MFR (0x18)
#define TSS_TPMCAP_SYM_MODE (0x19)
#define TSS_TPMCAP_HANDLE (0x1a)
#define TSS_TPMCAP_TRANS_ES (0x1b)
#define TSS_TPMCAP_AUTH_ENCRYPT (0x1c)
#define TSS_TPMCAP_SET_PERM_FLAGS (0x1d) // cf. TPM_SET_PERM_FLAGS
#define TSS_TPMCAP_SET_VENDOR (0x1e) // cf. TPM_SET_VENDOR
#define TSS_TPMCAP_DA_LOGIC (0x1f)
//
// Sub-Capability Flags for TSS_TPMCAP_PROPERTY
//
// Sequential codes; 0x17, 0x30 and 0x31 are not assigned in this list.
#define TSS_TPMCAP_PROP_PCR (0x10)
#define TSS_TPMCAP_PROP_DIR (0x11)
#define TSS_TPMCAP_PROP_MANUFACTURER (0x12)
#define TSS_TPMCAP_PROP_SLOTS (0x13)
// Alias: PROP_KEYS is the same sub-capability as PROP_SLOTS.
#define TSS_TPMCAP_PROP_KEYS TSS_TPMCAP_PROP_SLOTS
#define TSS_TPMCAP_PROP_FAMILYROWS (0x14)
#define TSS_TPMCAP_PROP_DELEGATEROWS (0x15)
#define TSS_TPMCAP_PROP_OWNER (0x16)
#define TSS_TPMCAP_PROP_MAXKEYS (0x18)
#define TSS_TPMCAP_PROP_AUTHSESSIONS (0x19)
#define TSS_TPMCAP_PROP_MAXAUTHSESSIONS (0x1a)
#define TSS_TPMCAP_PROP_TRANSESSIONS (0x1b)
#define TSS_TPMCAP_PROP_MAXTRANSESSIONS (0x1c)
#define TSS_TPMCAP_PROP_SESSIONS (0x1d)
#define TSS_TPMCAP_PROP_MAXSESSIONS (0x1e)
#define TSS_TPMCAP_PROP_CONTEXTS (0x1f)
#define TSS_TPMCAP_PROP_MAXCONTEXTS (0x20)
#define TSS_TPMCAP_PROP_DAASESSIONS (0x21)
#define TSS_TPMCAP_PROP_MAXDAASESSIONS (0x22)
#define TSS_TPMCAP_PROP_DAA_INTERRUPT (0x23)
#define TSS_TPMCAP_PROP_COUNTERS (0x24)
#define TSS_TPMCAP_PROP_MAXCOUNTERS (0x25)
#define TSS_TPMCAP_PROP_ACTIVECOUNTER (0x26)
#define TSS_TPMCAP_PROP_MIN_COUNTER (0x27)
#define TSS_TPMCAP_PROP_TISTIMEOUTS (0x28)
#define TSS_TPMCAP_PROP_STARTUPEFFECTS (0x29)
#define TSS_TPMCAP_PROP_MAXCONTEXTCOUNTDIST (0x2a)
#define TSS_TPMCAP_PROP_CMKRESTRICTION (0x2b)
#define TSS_TPMCAP_PROP_DURATION (0x2c)
#define TSS_TPMCAP_PROP_MAXNVAVAILABLE (0x2d)
#define TSS_TPMCAP_PROP_INPUTBUFFERSIZE (0x2e)
#define TSS_TPMCAP_PROP_REVISION (0x2f)
#define TSS_TPMCAP_PROP_LOCALITIES_AVAIL (0x32)
//
// Resource type flags
// Sub-Capability Flags for TSS_TPMCAP_HANDLE
//
// Unlike most constants here these carry an explicit UINT32 cast, so they
// have that type wherever they are used.
#define TSS_RT_KEY ((UINT32)0x00000010)
#define TSS_RT_AUTH ((UINT32)0x00000020)
#define TSS_RT_TRANS ((UINT32)0x00000030)
#define TSS_RT_COUNTER ((UINT32)0x00000040)
//
// TSS Core Service Capabilities
//
// Capability area selectors for the TSS Core Service (TCS).
#define TSS_TCSCAP_ALG (0x00000001)
#define TSS_TCSCAP_VERSION (0x00000002)
#define TSS_TCSCAP_CACHING (0x00000003)
#define TSS_TCSCAP_PERSSTORAGE (0x00000004)
#define TSS_TCSCAP_MANUFACTURER (0x00000005)
#define TSS_TCSCAP_PLATFORM_CLASS (0x00000006)
#define TSS_TCSCAP_TRANSPORT (0x00000007)
#define TSS_TCSCAP_PLATFORM_INFO (0x00000008)
//
// Sub-Capability Flags TSS-CoreService-Capabilities
//
#define TSS_TCSCAP_PROP_KEYCACHE (0x00000100)
#define TSS_TCSCAP_PROP_AUTHCACHE (0x00000101)
#define TSS_TCSCAP_PROP_MANUFACTURER_STR (0x00000102)
#define TSS_TCSCAP_PROP_MANUFACTURER_ID (0x00000103)
#define TSS_TCSCAP_PLATFORM_VERSION (0x00001100)
#define TSS_TCSCAP_PLATFORM_TYPE (0x00001101)
#define TSS_TCSCAP_TRANS_EXCLUSIVE (0x00002100)
#define TSS_TCSCAP_PROP_HOST_PLATFORM (0x00003001)
#define TSS_TCSCAP_PROP_ALL_PLATFORMS (0x00003002)
//
// TSS Service Provider Capabilities
//
// Capability area selectors for the TSS Service Provider (TSP). The TSP and
// TCS sets use different numbers for the same concept (TSS_TSPCAP_ALG is
// 0x10, TSS_TCSCAP_ALG is 0x01), so they are not interchangeable.
// 0x00000014 is not assigned in this list.
#define TSS_TSPCAP_ALG (0x00000010)
#define TSS_TSPCAP_VERSION (0x00000011)
#define TSS_TSPCAP_PERSSTORAGE (0x00000012)
#define TSS_TSPCAP_MANUFACTURER (0x00000013)
#define TSS_TSPCAP_RETURNVALUE_INFO (0x00000015)
#define TSS_TSPCAP_PLATFORM_INFO (0x00000016)
// Sub-Capability Flags for TSS_TSPCAP_MANUFACTURER
//
// Same numeric values as the TCS manufacturer sub-capabilities above.
#define TSS_TSPCAP_PROP_MANUFACTURER_STR (0x00000102)
#define TSS_TSPCAP_PROP_MANUFACTURER_ID (0x00000103)
// Sub-Capability Flags for TSS_TSPCAP_PLATFORM_INFO
//
#define TSS_TSPCAP_PLATFORM_TYPE (0x00000201)
#define TSS_TSPCAP_PLATFORM_VERSION (0x00000202)
// Sub-Capability Flags for TSS_TSPCAP_RETURNVALUE_INFO
//
// Numerically equal to TSS_TSPCAP_PLATFORM_TYPE (0x00000201); the two are
// told apart only by the capability area they are used with.
#define TSS_TSPCAP_PROP_RETURNVALUE_INFO (0x00000201)
//
// Event type definitions
//
// Event type codes (sequential, starting at 1).
// NOTE(review): presumably these tag entries in the measurement event log;
// a log parser should reject or flag values outside this list -- confirm.
#define TSS_EV_CODE_CERT (0x00000001)
#define TSS_EV_CODE_NOCERT (0x00000002)
#define TSS_EV_XML_CONFIG (0x00000003)
#define TSS_EV_NO_ACTION (0x00000004)
#define TSS_EV_SEPARATOR (0x00000005)
#define TSS_EV_ACTION (0x00000006)
#define TSS_EV_PLATFORM_SPECIFIC (0x00000007)
//
// TSP random number limits
//
// 0x00001000 is 4096. NOTE(review): presumably the largest number of random
// bytes one request may ask for; callers needing more would loop -- confirm.
#define TSS_TSPCAP_RANDOMLIMIT (0x00001000) // Errata: Missing from spec
//
// UUIDs
//
// Errata: These are not in the spec
// Fixed UUIDs for well-known keys, written as brace initialisers. They differ
// only in the last byte, and that numbering is not in declaration order
// (CRK is 8, USK5 is 9, USK6 is 10).
// NOTE(review): these values are public constants; a UUID identifies a key
// slot and is not evidence of which key is actually stored there.
#define TSS_UUID_SRK {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 1}} // Storage root key
#define TSS_UUID_SK {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 2}} // System key
#define TSS_UUID_RK {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 3}} // roaming key
#define TSS_UUID_CRK {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 8}} // CMK roaming key
#define TSS_UUID_USK1 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 4}} // user storage key 1
#define TSS_UUID_USK2 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 5}} // user storage key 2
#define TSS_UUID_USK3 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 6}} // user storage key 3
#define TSS_UUID_USK4 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 7}} // user storage key 4
#define TSS_UUID_USK5 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 9}} // user storage key 5
#define TSS_UUID_USK6 {0, 0, 0, 0, 0, {0, 0, 0, 0, 0, 10}}// user storage key 6
// macro to derive UUIDs for keys whose "OwnerEvict" key is set.
// The argument becomes the last element of the inner array and the element
// before it is 1. NOTE(review): the inner elements are presumably bytes, so
// (i) should stay within 0..255 to avoid truncation -- confirm against the
// TSS_UUID definition.
#define TSS_UUID_OWNEREVICT(i) {0, 0, 0, 0, 0, {0, 0, 0, 0, 1, (i)}}
//
// TPM well-known secret
//
// Brace initialiser of 20 zero bytes.
// NOTE(review): this value is public by definition, so an object authorised
// with it (for example an owner or SRK secret set to it) gets no protection
// from that authorisation; protection then has to come from other controls
// such as access to the TPM device, parent-key wrapping or PCR binding.
// 20 bytes matches a SHA-1 digest, presumably the TPM 1.2 authorisation data
// size -- confirm.
#define TSS_WELL_KNOWN_SECRET \
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
// Values for the "direction" parameters in the Tspi_PcrComposite_XX functions.
#define TSS_PCRS_DIRECTION_CREATION ((UINT32)1)
#define TSS_PCRS_DIRECTION_RELEASE ((UINT32)2)
//
// TSS blob version definition for ASN.1 blobs
//
// Structure version written into ASN.1-wrapped TSS blobs.
#define TSS_BLOB_STRUCT_VERSION 0x01
//
// TSS blob type definitions for ASN.1 blobs
//
// Type tag identifying what an ASN.1-wrapped blob contains (sequential codes
// 0x01..0x0E).
// NOTE(review): a blob read from disk or the network is untrusted input; a
// decoder should presumably check both the version and that the type tag is
// the one expected for the operation before parsing the payload -- confirm
// how the decoder in this project handles it.
#define TSS_BLOB_TYPE_KEY 0x01
#define TSS_BLOB_TYPE_PUBKEY 0x02
#define TSS_BLOB_TYPE_MIGKEY 0x03
#define TSS_BLOB_TYPE_SEALEDDATA 0x04
#define TSS_BLOB_TYPE_BOUNDDATA 0x05
#define TSS_BLOB_TYPE_MIGTICKET 0x06
#define TSS_BLOB_TYPE_PRIVATEKEY 0x07
#define TSS_BLOB_TYPE_PRIVATEKEY_MOD1 0x08
#define TSS_BLOB_TYPE_RANDOM_XOR 0x09
#define TSS_BLOB_TYPE_CERTIFY_INFO 0x0A
#define TSS_BLOB_TYPE_KEY_1_2 0x0B
#define TSS_BLOB_TYPE_CERTIFY_INFO_2 0x0C
#define TSS_BLOB_TYPE_CMK_MIG_KEY 0x0D
#define TSS_BLOB_TYPE_CMK_BYTE_STREAM 0x0E
//
// Values for TPM_CMK_DELEGATE bitmasks
// For now these are exactly the same values as the corresponding
// TPM_CMK_DELEGATE_* bitmasks.
//
// Bit masks occupying bits 31 down to 27, one per key type. The UINT32 cast
// is applied before the shift so that shifting into bit 31 is done on an
// unsigned value; shifting a plain int 1 by 31 would overflow a signed type.
#define TSS_CMK_DELEGATE_SIGNING (((UINT32)1)<<31)
#define TSS_CMK_DELEGATE_STORAGE (((UINT32)1)<<30)
#define TSS_CMK_DELEGATE_BIND (((UINT32)1)<<29)
#define TSS_CMK_DELEGATE_LEGACY (((UINT32)1)<<28)
#define TSS_CMK_DELEGATE_MIGRATE (((UINT32)1)<<27)
//
// Constants for DAA
//
// DAA parameter lengths. The constants are byte counts; the bit count in each
// comment is eight times the value (256 bytes == 2048 bits).
// NOTE(review): these are fixed protocol sizes, so buffers received from a
// peer should be length-checked against them before use. The parameter set
// (2048-bit modulus, SHA-1, 80-bit statistical parameter) is as defined here;
// whether it meets a deployment's current strength requirements needs a
// separate check.
#define TSS_DAA_LENGTH_N 256 // Length of the RSA Modulus (2048 bits)
#define TSS_DAA_LENGTH_F 13 // Length of the f_i's (information encoded into the certificate, 104 bits)
#define TSS_DAA_LENGTH_E 46 // Length of the e's (exponents, part of certificate, 368 bits)
#define TSS_DAA_LENGTH_E_PRIME 15 // Length of the interval the e's are chosen from (120 bits)
#define TSS_DAA_LENGTH_V 317 // Length of the v's (random value, part of certificate, 2536 bits)
#define TSS_DAA_LENGTH_SAFETY 10 // Length of the security parameter controlling the statistical zero-knowledge property (80 bits)
// TPM_SHA1_160_HASH_LEN is not defined in this part of the header; it has to
// come from another TPM/TSS header included before this one.
#define TSS_DAA_LENGTH_HASH TPM_SHA1_160_HASH_LEN // Length of the output of the hash function SHA-1 used for the Fiat-Shamir heuristic (160 bits)
#define TSS_DAA_LENGTH_S 128 // Length of the split large exponent for easier computations on the TPM (1024 bits)
#define TSS_DAA_LENGTH_GAMMA 204 // Length of the modulus 'Gamma' (1632 bits)
#define TSS_DAA_LENGTH_RHO 26 // Length of the order 'rho' of the sub group of Z*_Gamma that is used for rogue tagging (208 bits)
// The identifier below is spelled MFG1 although the comment and the next
// constant say MGF1; the name is part of the published interface and is kept.
#define TSS_DAA_LENGTH_MFG1_GAMMA 214 // Length of the output of MGF1 in conjunction with the modulus Gamma (1712 bits)
#define TSS_DAA_LENGTH_MGF1_AR 25 // Length of the output of MGF1 used for anonymity revocation (200 bits)
#endif // __TSS_DEFINES_H__